TrustVP: Construction and Evolution of Trusted Chain on Virtualization Computing Platform

Abstract

Trusted chain technology provides a good opportunity to guarantee software and data integrities on cloud computing platforms. However, trusted chain on current virtualization computing platforms expose some problems, such as non-continuous, difficult to evolve or customize, insecure to transmit for remote attestation. To address these issues, this paper proposes a new approach to construct, protect and update the trusted chain on virtualization computing platform. This approach constructs a complete trusted chain based on full-virtualization technology, ensures the security of the chain by using the seal and unseals features of Trusted Platform Module (TPM), and proposes an algorithm called TPRTM to update the chain. We also describe architecture and a prototype system implementation that can solve the problems mentioned above on current platform. Experimental results show that our method can guarantee the integrities of all customizable programs on the trusted chain while incurring only 2.23% performance degradation. Furthermore, the system has been deployed in a large-scale communication enterprise and the results reveal that our system is safe, stable, and easy to use.